<?php
//include db configuration file
include_once("connection.php"); 

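// AJAX endpoint with two POST actions:
//   - myID_Sach (+ myID_Tacgia): look up the author's name and return an <li> fragment
//     carrying hidden tacgia[]/sach[] inputs for the calling form.
//   - recordToDelete: delete one row from Tham_gia by its integer id.
// Any other request is answered with HTTP 500.
//
// NOTE(review): assumes connection.php defines $mysqli as a connected mysqli instance;
// the delete branch already relied on it, and the lookup now uses it too instead of the
// removed mysql_* API — confirm.
// NOTE(review): no authentication, authorization or CSRF check is visible in this file.
// The delete action changes state, so confirm those checks are enforced before this point.

// Validate the delete id before the branch chain. FILTER_VALIDATE_INT rejects anything that
// is not a plain integer, so values such as "1.5" or "1e-5" now fall through to the generic
// error branch instead of being rewritten into a different id ("15", "1-5") as
// is_numeric() + FILTER_SANITIZE_NUMBER_INT did.
$idToDelete = isset($_POST["recordToDelete"])
	? filter_var($_POST["recordToDelete"], FILTER_VALIDATE_INT)
	: false;

if(isset($_POST["myID_Sach"]))
{
	// Both ids are untrusted request data. Non-string values (e.g. myID_Tacgia[]=...) and a
	// missing myID_Tacgia are treated as empty rather than raising notices.
	$x = (isset($_POST["myID_Tacgia"]) && is_string($_POST["myID_Tacgia"])) ? $_POST["myID_Tacgia"] : '';
	$y = is_string($_POST["myID_Sach"]) ? $_POST["myID_Sach"] : '';

	// The INSERT into Tham_gia is disabled in this script. If it is re-enabled, use a prepared
	// statement and bind $y to ID_Sach (the disabled version used $x for both columns).

	if($x)
	{
		// Bound parameter instead of concatenating the posted id into the SQL text.
		$stmt = $mysqli->prepare("SELECT Ten_tac_gia FROM Tac_gia WHERE ID = ?");
		if(!$stmt || !$stmt->bind_param('s', $x) || !$stmt->execute())
		{
			// Generic message only; SQL error details must not reach the client.
			header('HTTP/1.1 500 Looks like mysql error, could not insert record!');
			exit();
		}
		$stmt->bind_result($tentacgia);
		if(!$stmt->fetch())
		{
			// Unknown author id: keep the original behaviour of emitting the item with an empty name.
			$tentacgia = '';
		}
		$stmt->close();

		// Everything interpolated into the fragment is escaped for HTML text and attribute
		// context, so neither posted ids nor stored names can inject markup or script.
		$xHtml    = htmlspecialchars($x, ENT_QUOTES, 'UTF-8');
		$yHtml    = htmlspecialchars($y, ENT_QUOTES, 'UTF-8');
		$nameHtml = htmlspecialchars((string)$tentacgia, ENT_QUOTES, 'UTF-8');

		echo '<li id="item_'.$xHtml.'"> <div class="del_wrapper"><input name="tacgia[]" value="'.$xHtml.'" hidden="x"> <input name="sach[]" value="'.$yHtml.'" hidden="x">';

		echo '<a href="#" class="del_button" id="del-'.$xHtml.'"> '.$nameHtml."-----";
		echo '<img src="images/icon_del.gif" border="0" />';
		echo '</a></div></li>';

	}else{

		// No body output before header(): the previous echo of $x could send the headers
		// early and make the 500 status line silently fail.
		header('HTTP/1.1 500 Looks like mysql error, could not insert record!');
		exit();
	}

}
elseif($idToDelete !== false)
{	// delete request: $_POST["recordToDelete"] validated above as an integer

	// Delete by id with a bound integer parameter.
	$stmt = $mysqli->prepare("DELETE FROM Tham_gia WHERE id = ?");
	$delete_row = $stmt && $stmt->bind_param('i', $idToDelete) && $stmt->execute();

	if(!$delete_row)
	{
		// The delete failed; report a generic error without SQL details.
		header('HTTP/1.1 500 Could not delete record!');
		exit();
	}
	$stmt->close();
	$mysqli->close(); //close db connection
}
else
{
	// Neither a recognised action nor a valid id.
	header('HTTP/1.1 500 Error occurred, Could not process request!');
	exit();
}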


?>